zeronetworks / rpcfirewall
☆513 · Updated 4 months ago
Alternatives and similar repositories for rpcfirewall:
Users that are interested in rpcfirewall are comparing it to the libraries listed below
- A centralized resource for previously documented WDAC bypass techniques (☆513 · Updated last year)
- Event Tracing For Windows (ETW) Resources (☆375 · Updated 6 months ago)
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK (☆323 · Updated last year)
- Aims to identify sleeping beacons (☆586 · Updated 4 months ago)
- A C# utility for interacting with SCCM (☆626 · Updated 7 months ago)
- (no description) (☆375 · Updated 2 years ago)
- (no description) (☆245 · Updated 11 months ago)
- Cobalt Strike UDRL for memory scanner evasion. (☆926 · Updated 10 months ago)
- Collection of tools that reflect the network dimension into Bloodhound's data (☆447 · Updated 2 years ago)
- Detect and respond to Cobalt Strike beacons using ETW. (☆490 · Updated 2 years ago)
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps. (☆256 · Updated last year)
- An effort to track security vendors' use of Microsoft's Antimalware Scan Interface (☆245 · Updated 3 years ago)
- (no description) (☆201 · Updated 5 months ago)
- Scan installed EDRs and AVs on Windows (☆582 · Updated last year)
- Active Directory delegation management tool (☆296 · Updated last year)
- Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for… (☆484 · Updated last year)
- "Golden" certificates (☆673 · Updated 8 months ago)
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs (☆740 · Updated last year)
- Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules. (☆167 · Updated 2 months ago)
- MAL-CL (Malicious Command-Line) (☆312 · Updated 2 years ago)
- Project for tracking publicly disclosed DLL Hijacking opportunities. (☆737 · Updated this week)
- Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did. (☆781 · Updated 2 weeks ago)
- (no description) (☆489 · Updated last year)
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… (☆633 · Updated 2 years ago)
- Sysmon-Like research tool for ETW (☆349 · Updated 2 years ago)
- (no description) (☆469 · Updated 5 months ago)
- A PowerShell armoury for security guys and girls (☆473 · Updated last year)
- ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping … (☆957 · Updated last month)
- Extracted Yara rules from Windows Defender mpavbase and mpasbase (☆395 · Updated 2 months ago)
- Persistence by writing/reading shellcode from Event Log (☆371 · Updated 2 years ago)